HIGH

Ensure WAF has XSS protection enabled

WAF should have cross-site scripting (XSS) protection rules.

Security Impact

XSS attacks can steal user sessions and inject malicious content.

How to Remediate

Include AWSManagedRulesCommonRuleSet which includes XSS protection rules.

Affected Resources

AWS::WAFv2::WebACL

Compliance Frameworks

SOC 2PCI-DSSOWASP

How TigerGate Helps

TigerGate continuously monitors your AWS environment to detect and alert on this misconfiguration. Here's what our platform does for this specific check:

  • Continuous Scanning

    Automatically scans all AWS WAF resources across your AWS accounts every hour

  • Instant Alerts

    Get notified via Slack, email, or webhooks when this misconfiguration is detected

  • One-Click Remediation

    Fix this issue directly from the TigerGate dashboard with our guided remediation

  • Compliance Evidence

    Automatically collect audit evidence for SOC 2, PCI-DSS, OWASP compliance

  • Drift Detection

    Get alerted if this configuration drifts back to an insecure state after remediation

Check Details

Check ID
aws-waf-4
Service
AWS WAF
Category
Web Security
Severity
HIGH

Automate This Check

TigerGate automatically scans your AWS environment for this and 575+ other security checks.

Start Free Trial

Related AWS WAF Checks

View all checks
aws-waf-1high

Ensure WAF web ACLs are associated with resources

aws-waf-2high

Ensure WAF has AWS managed rules enabled

aws-waf-3high

Ensure WAF has SQL injection protection enabled

aws-waf-5medium

Ensure WAF has rate limiting rules

aws-waf-6medium

Ensure WAF logging is enabled